Encryption is a useful measure you can apply to protect your data, especially when other data protection methods are not feasible, such as high-security storage options or de-identification of the data. The following provides a basic description of a few encryption methods and how they should be applied.

Full Disk Encryption

Full disk encryption (FDE) encrypts the hard drive of your computer; this is important because if your computer is lost or stolen the hard drive can be removed and the information on it accessed if it hasn’t been encrypted, even if your computer is password-protected. Anyone working with research data on a laptop should ensure that FDE is active.

Additional information on these FDE options can be found on VUnet.

Filesystem-level Encryption

Filesystem-level encryption (FLE) encrypts individuals files or the entire folders those files are in. There are many different types of FLE software and unfortunately, VU IT does not provide support for these encryption tools. Many are free and fairly easy to use, however. Unfortunately, if you work on a green or orange workstation you will need to get help from the IT Service Desk () to install most of these encryption tools. Also, if the encrypted files and folders need to accessed on more than one computer, than every computer needs to have the software installed to be able to de-encrypt the files/folders.

Encrypted Portable Media

Information on encrypted portable media can be found in the guide on Secure Physical Data Transport.

Passwords

Set strong passwords when encrypting your media. For further information see these tips on strong passwords in the Security Basics.

Long-term encryption

Encryption standards change over time because as computers become more powerful it becomes easier to break older encryption methods. If encrypted files will be stored for long periods of time, it is important to re-assess regularly whether the encryption used still meets current standards. If data will be encrypted and stored for more than 5 years, it is necessary to nominate an individual who will monitor whether the encryption must be updated; updates are necessary whenever an encryption standard has been cracked or shown to be vulnerable. The IT Service Desk can help with this assessment.